NextDNS

For DNS I find Next DNS to be best. NextDNS is a service that significantly enhances your online security and privacy. Acting as an advanced guard for your network, it offers features like ad blocking, tracker blocking, and malware protection to safeguard your browsing experience.

Account Setup

By creating an account, you can block top domains known for malicious activity, adding an extra layer of protection. You can also disable native trackers, making it an excellent choice, especially for Windows users.

NextDNS account.

Before we start go ahead and make an account. Otherwise proceed to the add DNS section if you do not want an account.

Security Settings

  1. When you are logged in, click on the “Security” tab at the top.
  2. Enable “Threat Intelligence Feeds.”
  3. Disable “AI-Driven Threat Detection” since it’s a beta.
  4. Disable “Google Safe Browsing.”
  5. Enable “Cryptojacking Protection” if you use crypto.
  6. Enable “DNS Rebinding Protection.”
  7. Enable “IDN Homograph Attacks Protection.”
  8. Enable “Typesquatting Protection.”
  9. Enable “Domain Generation Algorithms (DGAs) Protection.”
  10. Enable “Block Newly Registered Domains (NRDs).”
  11. Enable “Block Dynamic DNS Hostnames.”
  12. Enable “Block Parked Domains.”
  13. Under “Block Top-Level Domains (TLDs),” click on the “ADD A TLD” option.
  14. Add all the “Spamhaus Most Abused TLDs.”
  15. Add any domains you wouldn’t want to visit.
  16. I personally disabled all TLDs that are not written in Latin; this is a preference. If you are in Saudi Arabia, disabling Arabic domains may not be advisable.

DNS And Privacy Settings

Now if you go to the “Privacy” category, we can start blocking DNS queries:

  1. Click on the “ADD A BLOCKLIST” option.
  2. Click on the search bar and write “hagezi.”
  3. Click on the “ADD” button next to “HaGeZi – Multi Ultimate.”
  4. Click on the search bar and write “xtra.”
  5. Click on the “ADD” button next to “1Hosts (Xtra).”
  6. I personally also add “No Google” and “No Facebook” (this is optional).
  7. Scroll down to “Native Tracking Protection.”
  8. Click on the “ADD” button.
  9. I personally enable all options and have no issues on any machine.
  10. Click on the cross and scroll down to the bottom.
  11. Enable “Block Disguised Third-Party Trackers.”
  12. Disable “Allow Affiliate & Tracking Links.”

This setup blocks most unwanted elements. However, consider that guests may not want to use your Wi-Fi if you block something they use. If this is a concern, avoid extensive blocking on your router. I only apply comprehensive blocking of apps on my devices, not on the network itself.

DNS And Parental Control Settings

  1. Go to “Parental Control.”
  2. Scroll down and click on the “ADD A WEBSITE, APP OR GAME.”
  3. Add any game or website you don’t want to use.
  4. Click on the cross.
  5. Scroll further down to find the “Categories” section.
  6. Click on the “ADD A CATEGORY” button.
  7. Add any unwanted categories and click on the cross.
  8. Scroll to the bottom.
  9. Disable “SafeSearch.”
  10. Disable “YouTube Restricted Mode.”
  11. Enable “Block Bypass Methods.”

Final Settings

  1. Go to the “Settings” tab.
  2. Disable “Enable Logs.”
  3. Click on the “Clear logs” option.
  4. Scroll down and click on the “Bypass Age Verification” option.

Now you are done setting up a more extreme version of NextDNS. It’s important to note that using all these settings may lead to some sites not working. If you encounter a website that doesn’t work, here is the solution:

  1. Go to “Allowlist.”
  2. Add a domain (nullvoided.com) without https://.

A domain consists of a name, dot, and something (example.com), without https:// or www. (or anything else that might come before the initial name of the page).

Privacy & Security For All!